0

So when generating a new .NET Core web project there is an appSettings.json and appSettings.Development.json for configuration parts. By default, those are not ignored by the .gitignore file so I think they should stay in the repository.

I'm using a database and want to store my connection string to those files. Obviously the parameters contain sensitive information and shouldn't be in the repository. If the environment is the development I can add the local connection string to the appSettings.Development.json (but then every developer would have to use the same settings until I add the dev file to the .gitignore)

"Database": {
    "Server": "localhost",
    "Port": 5432,
    "UserId": "admin",
    "Password": "admin",
    "Name": "myDb"
}

How can I set-up the appSettings.json for production or other purposes? Is there a way for something like

"Database": {
    "Server": "$DB_SERVER",
    "Port": "$DB_PORT",
    "UserId": "$DB_USER_ID",
    "Password": "$DB_PASSWORD",
    "Name": "$DB_NAME"
}

and those placeholders would be replaced with the values from the environment variables?

Improve this question
1
  • You can apply a config transformation. Or you can just access your config values like Database__Server environment variables Commented May 29, 2020 at 10:22

2 Answers 2

Reset to default
3

If you include any sort of sensitive information (like production connection strings) in source control they are usually considered compromised.

You have two options:

First option wopuld be to go for appsettings file override values. It is supported by all the established CI/CD tools. That step usually happen in the release pipeline right before you deploy.In this scenario you store your values encrypted in the CD tool.

Second option is to use Environment variables. In this case for development purposes you can just pass this variables in the launchSettings.json file. And you set the values of your environment variables in the server running your application.

If you want to use Environment variables you do not need place holders in appsettings file. You can read them directly 

Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT ")
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

thanks for your code sample, exactly what I was looking for :)
1

Use secret

They save in a local file the configuration, so they aren't on repository. When you go in production, you save this information in environment variable.

In visual studio on Project, select Manage user secret and add your connection

{
 "ConnectionStrings": {
   "MyConnection": "the connection"
}

in startup use IConfiguration

configuration.GetConnectionString("MyConnection")

and at production, in EnvironmentVariable of server, you save a new EnvironmentVariable

ConnectionStrings:MyConnection

So only administrator know the connection. If you use Azure, you could use Azure key vault.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.